Lucene search
K
Lm-sysFastchat

6 matches found

CVE
CVE
added 2024/12/30 11:47 a.m.93 views

CVE-2024-10044

CVE-2024-10044 describes a Server-Side Request Forgery (SSRF) in the lm-sys/fastchat Controller API Server, affecting the POST /worker_generate_stream endpoint. The vulnerability allows an attacker to misuse the controller API server’s credentials to perform unauthorized web actions or access res...

9.3CVSS9.2AI score0.00511EPSS
CVE
CVE
added 2025/03/20 10:9 a.m.72 views

CVE-2024-10908

The CVE-2024-10908 entry describes an open redirect vulnerability in lm-sys/fastchat release 0.2.36. The issue allows remote, unauthenticated attackers to redirect users to arbitrary URLs, enabling phishing, malware distribution, and credential theft. Affected component: lm-sys/fastchat, version ...

6.1CVSS6.3AI score0.0077EPSS
CVE
CVE
added 2025/03/20 10:10 a.m.62 views

CVE-2024-12376

The CVE-2024-12376 entry describes a Server-Side Request Forgery (SSRF) in the lm-sys/fastchat web server, specifically affecting the git 2c68a13 revision. The vulnerability allows an attacker to access internal server resources and data not normally reachable, including AWS metadata credentials....

7.5CVSS7.5AI score0.00703EPSS
CVE
CVE
added 2025/03/20 10:10 a.m.59 views

CVE-2024-11603

Summary: CVE-2024-11603 is a Server-Side Request Forgery (SSRF) vulnerability in lm-sys/fastchat 0.2.36. The flaw resides in the /queue/join? endpoint where insufficient validation of the path parameter enables crafted requests that can reach internal networks or the AWS metadata endpoint. Multip...

7.5CVSS7.5AI score0.00646EPSS
Web
CVE
CVE
added 2025/03/20 10:10 a.m.47 views

CVE-2024-10907

CVE-2024-10907 affects lm-sys/fastchat Release v0.2.36. The server fails to handle excessive characters appended to the end of multipart boundaries, allowing an unauthenticated attacker to send malformed multipart requests. Each extra boundary character can be processed in an infinite loop, causi...

7.5CVSS7.5AI score0.00642EPSS
CVE
CVE
added 2025/03/20 10:10 a.m.42 views

CVE-2024-10912

CVE-2024-10912 affects lm-sys/fastchat 0.2.36. The DoS arises from improper handling of multipart/form-data with a very large filename in the file upload path, per Red Hat/NVD/CVE records and related advisories. An attacker can exhaust server resources by sending a payload with an oversized filen...

7.5CVSS7.5AI score0.00588EPSS